Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/palo-2.14/include/asm/pdc.h Examining data/palo-2.14/ipl/bootloader.h Examining data/palo-2.14/ipl/byteio.c Examining data/palo-2.14/ipl/ext2.c Examining data/palo-2.14/ipl/ext2_fs.h Examining data/palo-2.14/ipl/fileio.c Examining data/palo-2.14/ipl/ipl.c Examining data/palo-2.14/ipl/lib.c Examining data/palo-2.14/ipl/offset.c Examining data/palo-2.14/ipl/pdc_bootio.c Examining data/palo-2.14/ipl/pdc_cons.c Examining data/palo-2.14/ipl/pdc_misc.c Examining data/palo-2.14/ipl/stdio.h Examining data/palo-2.14/ipl/vsprintf.c Examining data/palo-2.14/lib/common.h Examining data/palo-2.14/lib/diskpart.c Examining data/palo-2.14/lib/elf32.c Examining data/palo-2.14/lib/elf64.c Examining data/palo-2.14/lib/gzip.c Examining data/palo-2.14/lib/inflate.c Examining data/palo-2.14/lib/load.c Examining data/palo-2.14/lib/load.h Examining data/palo-2.14/lib/part.h Examining data/palo-2.14/lib/som.c Examining data/palo-2.14/palo/error.c Examining data/palo-2.14/palo/mkbootable.c Examining data/palo-2.14/palo/palo.c Examining data/palo-2.14/palo/palo.h Examining data/palo-2.14/palo/paloio.c Examining data/palo-2.14/unwind.c FINAL RESULTS: data/palo-2.14/ipl/bootloader.h:69:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). char *strcpy(char *dest, const char *src); data/palo-2.14/ipl/bootloader.h:70:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). char *strcat(char *dest, const char *src); data/palo-2.14/ipl/bootloader.h:82:5: [4] (format) vsprintf: Potential format string problem (CWE-134). Make format string constant. 
int vsprintf(char *buf, const char *fmt, va_list args); data/palo-2.14/ipl/bootloader.h:83:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. int sprintf(char *buf, const char *fmt, ...); data/palo-2.14/ipl/bootloader.h:89:5: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. int printf(const char *fmt, ...); data/palo-2.14/ipl/ext2.c:769:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(namebuf, name); data/palo-2.14/ipl/ext2.c:930:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(fullname, linkto); data/palo-2.14/ipl/ipl.c:69:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(name, p1); data/palo-2.14/ipl/ipl.c:74:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(name, p1); data/palo-2.14/ipl/ipl.c:118:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(out, in); data/palo-2.14/ipl/ipl.c:134:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy(buf, cmdline); data/palo-2.14/ipl/ipl.c:143:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(lcmd, suffix1); data/palo-2.14/ipl/ipl.c:253:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(out, tmpbuf); data/palo-2.14/ipl/ipl.c:348:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(orig, commandline); data/palo-2.14/ipl/ipl.c:353:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(commandline); data/palo-2.14/ipl/ipl.c:400:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(commandline, orig); data/palo-2.14/ipl/ipl.c:563:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(f.cmdline, f.cmdline_old); data/palo-2.14/ipl/ipl.c:576:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(commandline, f.cmdline); data/palo-2.14/ipl/ipl.c:649:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy(commandline, data/palo-2.14/ipl/ipl.c:652:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(kern_fullname, "%d%s", kern_part, kern_name); data/palo-2.14/ipl/lib.c:155:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). char *strcpy(char *dest, const char *src) data/palo-2.14/ipl/lib.c:164:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). char *strcat(char *dest, const char *src) data/palo-2.14/ipl/lib.c:172:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(dest, src); data/palo-2.14/ipl/lib.c:251:5: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(txt); /* print initial text */ data/palo-2.14/ipl/pdc_cons.c:73:5: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. int printf(const char *fmt, ...) data/palo-2.14/ipl/pdc_cons.c:83:2: [4] (format) vsprintf: Potential format string problem (CWE-134). Make format string constant. vsprintf(buf, fmt, args); data/palo-2.14/ipl/stdio.h:1:5: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. int printf(const char *fmt, ...); data/palo-2.14/ipl/vsprintf.c:113:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. 
int sprintf(char * buf, const char *fmt, ...); data/palo-2.14/ipl/vsprintf.c:115:5: [4] (format) vsprintf: Potential format string problem (CWE-134). Make format string constant. int vsprintf(char *buf, const char *fmt, va_list args) data/palo-2.14/ipl/vsprintf.c:279:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. int sprintf(char * buf, const char *fmt, ...) data/palo-2.14/ipl/vsprintf.c:285:4: [4] (format) vsprintf: Potential format string problem (CWE-134). Make format string constant. i=vsprintf(buf,fmt,args); data/palo-2.14/palo/error.c:114:2: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf(stdout, errormessages[number], args); data/palo-2.14/palo/palo.c:70:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(f->palomagic, PALOMAGIC); data/palo-2.14/palo/palo.c:533:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(cmd, "mke2fs -t ext%d -O^resize_inode -b %d -l %s %s", data/palo-2.14/palo/palo.c:541:6: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. i = system(cmd); data/palo-2.14/palo/palo.c:722:2: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. getopt_long(argc, argv, optstring, Longopts, 0) data/palo-2.14/palo/palo.c:724:40: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). 
Check implementation on installation, or limit the size of all string inputs. # define GETOPT(argc, argv, optstring) getopt(argc, argv, optstring) data/palo-2.14/include/asm/pdc.h:373:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char bc[6]; /* bus converter routing info */ data/palo-2.14/include/asm/pdc.h:614:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bc[6]; /* Bus Converter routing info to a specific */ data/palo-2.14/ipl/bootloader.h:72:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. void *memcpy(void *d, const void *s, size_t len); data/palo-2.14/ipl/byteio.c:59:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(*buf, b->readbuf + offset, n); data/palo-2.14/ipl/byteio.c:155:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, alignedbuf, n); data/palo-2.14/ipl/ext2.c:41:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static char blkbuf[EXT2_MAX_BLOCK_SIZE]; data/palo-2.14/ipl/ext2.c:43:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char iblkbuf[EXT2_MAX_BLOCK_SIZE]; data/palo-2.14/ipl/ext2.c:45:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char diblkbuf[EXT2_MAX_BLOCK_SIZE]; data/palo-2.14/ipl/ext2.c:762:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char namebuf[256]; data/palo-2.14/ipl/ext2.c:927:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fullname[(end - base + 1) + strlen(linkto) + 1]; data/palo-2.14/ipl/ext2_fs.h:487:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s_volume_name[16]; /* volume name */ data/palo-2.14/ipl/ext2_fs.h:488:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s_last_mounted[64]; /* directory where last mounted */ data/palo-2.14/ipl/ext2_fs.h:606:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[EXT2_NAME_LEN]; /* File name */ data/palo-2.14/ipl/ext2_fs.h:620:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[EXT2_NAME_LEN]; /* File name */ data/palo-2.14/ipl/ipl.c:17:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char commandline[CMDLINELEN]; data/palo-2.14/ipl/ipl.c:128:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[CMDLINELEN]; data/palo-2.14/ipl/ipl.c:129:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static char lcmd[CMDLINELEN]; data/palo-2.14/ipl/ipl.c:243:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmpbuf[CMDLINELEN]; data/palo-2.14/ipl/ipl.c:295:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *p, kern_dir[256]; data/palo-2.14/ipl/ipl.c:307:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(kern_dir, "/."); data/palo-2.14/ipl/ipl.c:341:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *argv[MAX_ARGV], *p; data/palo-2.14/ipl/ipl.c:342:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char orig[CMDLINELEN]; data/palo-2.14/ipl/ipl.c:344:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char numbuf[4]; data/palo-2.14/ipl/ipl.c:345:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fieldbuf[200]; data/palo-2.14/ipl/ipl.c:457:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sys_model_name[81]; data/palo-2.14/ipl/ipl.c:487:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char kern_name[128], rd_name[128]; data/palo-2.14/ipl/ipl.c:488:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char kern_fullname[128+10]; data/palo-2.14/ipl/ipl.c:570:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(f.cmdline, "0/vmlinux root=???"); data/palo-2.14/ipl/ipl.c:611:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
unsigned char bc[6]; data/palo-2.14/ipl/ipl.c:619:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pathcomp[4]; data/palo-2.14/ipl/ipl.c:625:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(pathcomp, "%d/", cons.bc[i]); data/palo-2.14/ipl/ipl.c:629:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(pathcomp, "%d", cons.mod); data/palo-2.14/ipl/lib.c:212:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. void *memcpy(void *d, const void *s, size_t len) data/palo-2.14/ipl/pdc_cons.c:75:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096]; data/palo-2.14/ipl/pdc_misc.c:49:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char iodc_string[512] __attribute__ ((aligned (64))); data/palo-2.14/ipl/pdc_misc.c:269:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char iodc_data[8]; data/palo-2.14/ipl/pdc_misc.c:270:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&iodc_data, pdc_result2, 8); data/palo-2.14/ipl/pdc_misc.c:303:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, iodc_string, pdc_result[0]); data/palo-2.14/ipl/pdc_misc.c:325:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(iodc_string, s, len); data/palo-2.14/ipl/vsprintf.c:48:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char c,sign,tmp[66]; data/palo-2.14/lib/common.h:55:20: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. # define pa_memcpy memcpy data/palo-2.14/lib/common.h:103:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char palomagic[5]; /* PALO */ data/palo-2.14/lib/common.h:109:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char cmdline_old[128]; /* OLD: Up to 127 bytes of text plus a \0 */ data/palo-2.14/lib/common.h:111:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char pad1[0xf0 - 8 - 9 * sizeof (int) - 128]; data/palo-2.14/lib/common.h:123:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char pad2[0x1be - (0xf0 + 3 * sizeof (int))]; data/palo-2.14/lib/common.h:126:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char dosmagic[2]; /* 0x55, 0xaa */ data/palo-2.14/lib/common.h:127:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char pad4[1024 - 0x200]; data/palo-2.14/lib/common.h:128:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmdline[CMDLINELEN];/* max 1023 bytes of text plus a \0 */ data/palo-2.14/lib/gzip.c:30:20: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). 
Make sure destination can always hold the source data. # define pa_memcpy memcpy data/palo-2.14/lib/gzip.c:79:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char gzbuffer[GZBUFFER_SIZE]; data/palo-2.14/lib/inflate.c:933:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char magic[2]; /* magic header */ data/palo-2.14/lib/load.c:31:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(t, &loadable->uncompressed_data[seg->offset], n); data/palo-2.14/palo/mkbootable.c:115:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((bootloader = open(argv[1], O_RDONLY)) == -1) data/palo-2.14/palo/mkbootable.c:123:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((bootloader = open(argv[1], O_RDONLY)) == -1) data/palo-2.14/palo/mkbootable.c:128:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
if ((out = open(argv[2], O_RDWR|O_CREAT|O_TRUNC, 0666)) == -1) data/palo-2.14/palo/palo.c:482:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char partitionname[256]; data/palo-2.14/palo/palo.c:491:24: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((partitionfd = open(partitionname, O_RDWR)) < 0) { data/palo-2.14/palo/palo.c:501:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char badblockfilename[256]; data/palo-2.14/palo/palo.c:503:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmd[512]; data/palo-2.14/palo/palo.c:515:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(badblockfilename, "/tmp/paloblk-%d", getpid()); data/palo-2.14/palo/palo.c:516:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
if ((fd = open(badblockfilename, O_RDWR | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR)) < 0) { data/palo-2.14/palo/palo.c:523:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[128]; data/palo-2.14/palo/palo.c:525:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "%d\n", i); data/palo-2.14/palo/palo.c:539:6: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(cmd, " > /dev/null 2>&1"); data/palo-2.14/palo/palo.c:749:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *newargv[MAXARGS]; data/palo-2.14/palo/palo.c:783:20: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fconfig = fopen(config_file, "r")) == NULL) data/palo-2.14/palo/palo.c:790:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buf[256]; data/palo-2.14/palo/palo.c:861:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(optarg, O_RDONLY)) == -1) data/palo-2.14/palo/palo.c:880:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((ramdisk = open(optarg, O_RDONLY)) == -1) data/palo-2.14/palo/palo.c:910:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((bootloader = open(bootloaderfile, O_RDONLY)) == -1) data/palo-2.14/palo/palo.c:930:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((media = open(medianame, O_RDWR|O_CREAT|O_TRUNC, 0666)) == -1) data/palo-2.14/palo/palo.c:949:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((media = open(medianame, O_RDWR)) == -1) data/palo-2.14/palo/palo.c:1018:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? 
  (CWE-362).
  if ((media = open(medianame, O_RDWR)) == -1)
data/palo-2.14/palo/paloio.c:19:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char check[1024];
data/palo-2.14/palo/paloio.c:118:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[FW_BLOCKSIZE];
data/palo-2.14/ipl/bootloader.h:73:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t strlen(const char *s);
data/palo-2.14/ipl/bootloader.h:78:15: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  extern char * strncpy(char * dest,const char *src,size_t count);
data/palo-2.14/ipl/bootloader.h:86:5: [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  int getchar(void);
data/palo-2.14/ipl/ext2.c:787:22: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  component_length = strlen(component);
data/palo-2.14/ipl/ext2.c:927:37: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char fullname[(end - base + 1) + strlen(linkto) + 1];
data/palo-2.14/ipl/ext2.c:928:4: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(fullname, base, end - base + 1);
data/palo-2.14/ipl/ipl.c:75:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p2 = p1 + strlen(p1);
data/palo-2.14/ipl/ipl.c:110:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int need = strlen(out) + strlen(in) + 1;
data/palo-2.14/ipl/ipl.c:110:27: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int need = strlen(out) + strlen(in) + 1;
data/palo-2.14/ipl/ipl.c:432:6: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(fieldbuf, argv[editfield], sizeof(fieldbuf));
data/palo-2.14/ipl/ipl.c:468:39: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strncmp(*check, sys_model_name, strlen(*check)) == 0)
data/palo-2.14/ipl/ipl.c:574:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(f.cmdline) >= sizeof f.cmdline)
data/palo-2.14/ipl/ipl.c:685:22: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  wname = kern_name + strlen(kern_name) - 2;
data/palo-2.14/ipl/lib.c:192:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l2 = strlen(s2);
data/palo-2.14/ipl/lib.c:195:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l1 = strlen(s1);
data/palo-2.14/ipl/lib.c:222:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t strlen(const char * s)
data/palo-2.14/ipl/lib.c:254:6: [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = getchar();
data/palo-2.14/ipl/lib.c:301:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const char *p = s + strlen(s);
data/palo-2.14/ipl/lib.c:318:8: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  char * strncpy(char * dest,const char *src,size_t count)
data/palo-2.14/ipl/pdc_cons.c:15:1: [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  getchar(void)
data/palo-2.14/ipl/pdc_cons.c:34:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const int len = strlen(s);
data/palo-2.14/palo/palo.c:310:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(f.cmdline, commandline, sizeof(f.cmdline)-1);
data/palo-2.14/palo/palo.c:430:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(f.cmdline, commandline, sizeof(f.cmdline)-1);
data/palo-2.14/palo/palo.c:469:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(f.cmdline, commandline, sizeof(f.cmdline)-1);
data/palo-2.14/palo/palo.c:526:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(buf);
data/palo-2.14/palo/palo.c:554:6: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(f.cmdline, commandline, sizeof(f.cmdline)-1);
data/palo-2.14/palo/palo.c:575:6: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(f.cmdline, commandline, sizeof(f.cmdline)-1);
data/palo-2.14/palo/palo.c:652:6: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(f.cmdline, commandline, sizeof(f.cmdline)-1);
data/palo-2.14/palo/palo.c:692:6: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(f.cmdline, commandline, sizeof(f.cmdline)-1);
data/palo-2.14/palo/palo.c:806:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  end = ptr + strlen(ptr) - 1;
data/palo-2.14/palo/palo.c:888:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(commandline) >= CMDLINELEN)
data/palo-2.14/palo/palo.c:889:24: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  error(3,CMDLINELEN-1,strlen(commandline));
data/palo-2.14/palo/paloio.c:59:20: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (r != -1 && read(fd, check, n) != n)
data/palo-2.14/palo/paloio.c:99:25: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (r != -1 && (r = read(fd, buf, size)) != size)
data/palo-2.14/palo/paloio.c:122:17: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while ((n = read(in, buf, sizeof buf)) > 0)

ANALYSIS SUMMARY:

Hits = 147
Lines analyzed = 8575 in approximately 0.25 seconds (34133 lines/second)
Physical Source Lines of Code (SLOC) = 6166
Hits@level = [0] 221 [1] 35 [2] 75 [3] 2 [4] 35 [5] 0
Hits@level+ = [0+] 368 [1+] 147 [2+] 112 [3+] 37 [4+] 35 [5+] 0
Hits/KSLOC@level+ = [0+] 59.6821 [1+] 23.8404 [2+] 18.1641 [3+] 6.00065 [4+] 5.67629 [5+] 0
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.